Merge 73fc259 into e8b489e

pomerium · Aug 15, 2023 · b97c63e · b97c63e
2 parents e8b489e + 73fc259
commit b97c63e
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/config/policy.go b/config/policy.go
@@ -496,14 +496,19 @@ func (p *Policy) Validate() error {
 		}
 	}
 
+	const clientCADeprecationMsg = "config: %s is deprecated, see https://www.pomerium.com/docs/" +
+		"reference/routes/tls#tls-downstream-client-certificate-authority for more information"
+
 	if p.TLSDownstreamClientCA != "" {
+		log.Warn(context.Background()).Msgf(clientCADeprecationMsg, "tls_downstream_client_ca")
 		_, err := base64.StdEncoding.DecodeString(p.TLSDownstreamClientCA)
 		if err != nil {
 			return fmt.Errorf("config: couldn't decode downstream client ca: %w", err)
 		}
 	}
 
 	if p.TLSDownstreamClientCAFile != "" {
+		log.Warn(context.Background()).Msgf(clientCADeprecationMsg, "tls_downstream_client_ca_file")
 		bs, err := os.ReadFile(p.TLSDownstreamClientCAFile)
 		if err != nil {
 			return fmt.Errorf("config: couldn't load downstream client ca: %w", err)